Information We Collect
We collect nonpublic personal information about you from the following sources:
• Information we receive from you on such things as applications and forms, including your name, address, social security number, and employment-related information;
• Information about your transactions with us, our affiliates, or others, such as your account balance and payment history; and,
• Information we receive from a consumer-reporting agency, such as your credit standing and credit history.
Nonpublic personal information is defined by law and generally means financial information that is identified with you that is not obtainable from a public source, such as telephone book or government record.
Affiliates are companies we own or control, companies that own or control us, and companies that are owned or controlled by the same company that owns or controls us. Ownership does not mean complete ownership, but means owning enough to have control.
Nonaffiliated companies are companies that are not affiliates of ours.
Information We Disclose
We do not disclose any nonpublic personal information about our customers or former customers to nonaffiliated companies, except as permitted by law. Through the normal course of doing business, including servicing your accounts and better serving your needs, we may share our transaction and account experience information with you with our affiliates.
Confidentiality and Security
Our employees are bound by this Privacy Notice and are educated on implementing our privacy and information security policies. Only employees actively engaged in their assigned duties are authorized to access or use customer information. We maintain physical, electronic, and procedural safeguards to comply with federal standards to store and secure information about you.
Customer Information Safeguard
The Federal Safeguards Rule requires that the Company maintain a customer privacy program to maintain the integrity and confidentiality of customer information. It is the express policy of the Company to comply with these requirements.
Company personnel are required to adhere to the following policies:
1. Maintain confidentiality of all customer files, customer Social Security numbers, customer personal information, and all other customer records. All customer records shall be maintained in a secure area with the Company’s other books and records.
2. Never disclose to any person or company any customer information, unless (i) expressly authorized by the customer and as necessary to complete a transaction, or (ii) pursuant to a lawful request (subpoena) by law enforcement. Any requests for customer information from law enforcement must be referred immediately to Management and/or the Compliance Officer.
3. Never discard in the trash any documents, check stubs, or other papers of any kind that contain confidential customer information. Any refuse containing Social Security numbers, account numbers or addresses should be destroyed and rendered unreadable. Criminals are known to search the garbage of financial institutions to gather personal information for use in identity theft schemes.
4. Immediately report to the Compliance officer and/or Management any attempt to access confidential customer information or records. This includes any unauthorized use of customer information by Company employees. The Company will then report the incident to law enforcement and file the appropriate Suspicious Activity Report where applicable.
5. The customer shall immediately be notified by Management in the event of unauthorized access or disclosure of such information, or in the event of theft or loss of such information.
Maintaining Information Systems
6. These policies and procedures shall apply to the Company’s computer information systems, including network and storage systems. Electronic customer information shall be stored on a secure server.
7. Servers are to be maintained at all times within the secure confines of the office, or other secure area, accessible only by the Company and its employees.
8. Customer information should not be stored on a server with an Internet connection without appropriate security and/or firewalls to protect the integrity of such information.
9. Backup media and archived data shall be maintained off-line, within the secure confines of the office or other secure area, accessible only by the Company and its employees.
10. The Company shall obtain and install all necessary patches and program updates to resolve software and systems vulnerabilities.
11. In the event of a security systems breach, the Company should take immediate measures to report and correct the problem. Quick action on the part of the Company allows customers to take steps to mitigate misuse of their information, and may protect the customer from potential credit-rating damage.
12. Both law enforcement and customer shall immediately be notified by Management in the event of unauthorized access or disclosure private information, or in the event of theft or loss of such information. Also, notification to credit bureaus may be advisable.